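// Login page controller: signs a visitor in from a "remember me" cookie or
// from the username/password form, then redirects to ../index.php. On a
// failed attempt it leaves $error set, and it moves a one-time registration
// message from the session into $success.

// Report every error to the server log, but never render it into the page:
// this endpoint is reachable without authentication, and PHP error output can
// expose file paths, SQL text and stack traces to whoever triggers it.
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

session_start();

require_once __DIR__ . '/../conf/db.php';

// Include helpers
require_once __DIR__ . '/../includes/csrf.php';
require_once __DIR__ . '/../includes/password_helper.php';

// Both sign-in paths below must end with the same session state, so the
// promotion to an authenticated session is written once.
$establish_session = static function ($user) {
    // Issue a fresh session id and delete the old one, so an id that was
    // planted before authentication (session fixation) is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $user['id'];
    $_SESSION['username'] = $user['username'];
    $_SESSION['full_name'] = $user['full_name'];
    $_SESSION['profile_picture'] = $user['profile_picture'];
};

// Auto-login check for Remember Me
if (!isset($_SESSION['user_id']) && isset($_COOKIE['remember_me'])) {
    $token = $_COOKIE['remember_me'];

    // A cookie sent as remember_me[]=... arrives as an array. Only a plain
    // string can be a token; anything else is handled like an invalid token.
    $user = is_string($token) ? get_user_by_remember_token($pdo, $token) : false;

    if ($user) {
        // NOTE(review): the same token stays valid after this auto-login as
        // far as this file shows; whether the helper expires or rotates it is
        // not visible here - confirm.
        $establish_session($user);
        header("Location: ../index.php");
        exit();
    } else {
        // Invalid token, clear cookie
        clear_remember_cookie();
    }
}

// Already signed in: the form has nothing to offer.
if (isset($_SESSION['user_id'])) {
    header("Location: ../index.php");
    exit();
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // CSRF check. The token must be present and a string before it is handed
    // to the verifier; a missing or array-valued field is rejected outright.
    $csrf_token = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : null;
    if (!is_string($csrf_token) || !verify_csrf_token($csrf_token)) {
        die("CSRF Token Verification Failed");
    }

    // Form fields are attacker-controlled: a missing field or an array value
    // (username[]=x) becomes an empty string instead of reaching trim(), which
    // would raise a notice or a TypeError. An empty value simply fails below.
    // NOTE(review): trim() also strips leading/trailing whitespace from the
    // password; that only matches if registration trims the same way - confirm.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? trim($_POST['password']) : '';
    $remember_me = isset($_POST['remember_me']);

    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $pdo->prepare("SELECT id, username, password, full_name, profile_picture FROM users WHERE username = ?");
    $stmt->execute([$username]);
    $user = $stmt->fetch();

    // NOTE(review): no attempt limiting or lockout is visible in this file;
    // confirm it is enforced elsewhere. An unknown username also skips
    // password_verify(), so the two failure cases differ in response time.
    if ($user && password_verify($password, $user['password'])) {
        $establish_session($user);

        // Handle Remember Me
        if ($remember_me) {
            // NOTE(review): 30 is presumably the lifetime in days, and the
            // cookie flags (HttpOnly, Secure, SameSite) and the stored form of
            // the token are decided inside the helpers - verify there.
            $token = generate_remember_token();
            store_remember_token($pdo, $user['id'], $token, 30);
            set_remember_cookie($token, 30);
        }

        header("Location: ../index.php");
        exit();
    } else {
        // One message for "unknown user" and "wrong password", so the reply
        // text does not reveal which usernames exist.
        $error = "Username atau Password salah!";
    }
}

// Check for success message from registration. It is removed from the session
// as soon as it is read, so it is available for exactly one page view.
if (isset($_SESSION['success'])) {
    $success = $_SESSION['success'];
    unset($_SESSION['success']);
}
?> Login - CatetCuy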

Welcome back